Dameon Welch Abernathy

This Week in CheckMates: Week of 17th July 2017

Blog Post created by Dameon Welch Abernathy Employee on Jul 21, 2017

Here's this weeks installment of "This Week in CheckMates."

Past and future posts will be available here: About CheckMates 

Also, if you're not sure what CheckMates is, check out this short video!

 

Community Highlights

Here are some highlights from the week's activity on CheckMates:

 

SNORT Rules and CheckPoint R77.30 IPS

The question was about having a particular signature trigger a block of the specific IP address for all traffic. This can be done, but it does require building a script that parses the log entry and executes fw samp to block the connection.

 

Installing take 10 of R80.10 blew away the gateway part of a single gateway setup. Is that a known problem?

It appears to be a known issue that can happen under a rare combination of circumstances. Read the thread for a workaround to the issue. A fix for the issue will be coming in a future R80.10 jumbo hotfix.

 

Issue when migrating R77.30 to R80.10 Management Server

Look for words like "error","fail", and "unable" in the following file: $FWDIR/log/cpm_for_cpdb-YYYY-MM-DD-HH-MM-SS.ELG. You may need to engage with the TAC depending on what this turns up for you.

 

My Top 3 Check Point CLI commands

Chances are, if you've been using Check Point products for a while, you've had to do something on a command line. We've shared some of our favorite (and even obscure) commands with you here. This has quickly become one of our most active threads, chime in with your favorites!

 

CLI API Example for exporting, importing, and deleting different objects using CSV files (v 00.29.02 and later)

This is a great set of scripts for migrating objects in and out of a Check Point R80+ management station using CSV files created by one of our SEs, Eric Beasley. Have you used them yet?

 

Did You Know...

 

You can control how often you receive email from the community?

We created a short video to explain how, which can also be viewed side-by-side with the captions here: Set Email Notification Prefs in CheckMates | fleeq.io 

 

 

 

Feedback

You are of course welcome to respond to this post if you have questions! If you want to send something privately, you can send an email to checkmates@checkpoint.com and we'll respond promptly.

Outcomes